The Encryption Enigma October 9, 2012


Introduction

Two years ago, WikiLeaks posted 400,000 pages on the Iraq War that the Pentagon called the largest leak of classified documents in its history.* The problem? Nearly 4.9 million people have access to classified U.S. government information.** Nearly all of those also have access to email. Feds think encryption, among other security measures, should keep sensitive data safe. But what if encryption isn't the answer? What if encryption, especially encryption deployed at the desktop, is part of the problem?

MeriTalk surveyed 203 government information security managers and email managers to better understand the potential threats associated with encryption and digital signatures. The Encryption Enigma Report captures insights from those who know the topics best and gauges their awareness of, and attitudes toward, security and encryption issues.

*http://news.nationalpost.com/2010/11/28/a-wikileaks-timeline
**http://www.fas.org/sgp/othergov/intel/clear-2011.pdf

Executive Summary

Federal agencies run on email:
  A Federal agency sends and receives 47.3M emails daily*
  The Federal government sends and receives a whopping 1.89B emails daily**

We built walls and then we dug a new tunnel:
  Nearly 90% of Federal agencies say the security policy changes they made following the release of sensitive information on WikiLeaks improved their overall security***
  83% provide users with the ability to encrypt outbound email at the desktop

The Encryption Enigma: encryption at the desktop is supposed to improve security, but it might make security worse.
  80% of Federal information security managers fear data loss through encrypted email; and 58% state that encryption makes it harder to detect data leaving

Way forward: Feds point to improved end-user training (55%); advanced security technology (54%); and improved end-user security policies (47%) as ways to overcome security challenges

*According to email managers
**Assuming 40 primary Federal agencies
***Of those who made changes to their security policies, n=92

Email Overload

Federal agencies send and receive massive amounts of email each day.

Daily, a Federal agency sends and receives, on average: 47.3M emails*
For the Federal government, that's an average of: 1.89B emails per day**

Take Away: Federal Agencies Run on Email

*According to email managers
**Assuming 40 primary Federal agencies

You Are The Weakest Link

While cyber security is a top priority in nearly all agencies, just one in four rate the security of their current email solution an A.

79% say cyber security is a top IT priority for the next 12 months*
39% say it is the top IT priority**
However, just one in four agencies rate the security of their current email solution an A

What is the assessment of the internal threat vs. the external threat? Just 45% of Feds made changes to their security policies because of sensitive data published on sites like WikiLeaks.

Take Away: On The Inside Looking Out

*Respondents who ranked cyber security an 8-10 on a scale of 1-10, where 1=not at all a priority and 10=top priority
**Those who ranked it a 10

Point Click Steal

Despite security measures, Feds say standard work email is the #1 way unauthorized data leaves their agency.

Current security measures:*
  83% provide users with the ability to encrypt outbound email (DoD 92%, Civilian 74%)
  86% provide the capability to validate digital certificates (DoD 93%, Civilian 78%)

Still: In which of the following ways does unauthorized data leave your agency?**
  Standard work email: 48%
  Agency-issued mobile device: 47%
  USB flash drives: 40%
  Personal email: 38%
  Personal mobile devices: 33%
  Web-based work email: 23%

Take Away: While the Inside is Leaking Out

*According to those who know their agency's status
**Respondents asked to select all that apply

The Illusion of Security

Most agencies (84 percent) believe that they are safe, and that their gateways support the inspection of desktop-encrypted email.

True if:
  Agencies can validate all users. Except just 69 percent of agencies have issued PIV cards.
  Agencies have proper policies in place. Except 47 percent of agencies cite the need for better policies.
  Users follow correct policies. Except 45 percent of agencies report that employees don't follow the policies.

In fact, even if these three conditions are met, agencies may be unable to enforce policies unless their gateways explicitly decrypt and scan desktop-encrypted email.

Take Away: Three Strikes and the Information is Out

So What Does This Mean?

Information security managers say that encryption is a threat. Email and file transfer managers are not convinced.

Are you concerned with the possibility of data loss prevention (DLP) violations embedded in encrypted emails?
  Info security managers: 80%* yes
  Email managers: 36%** yes

Does encryption make it harder for your agency to detect when valuable or sensitive information is leaving?***
  Info security managers: 58% yes
  Email managers: 47% yes

Does encryption make it harder to track down information after it leaves?***
  Info security managers: 61% yes
  Email managers: 47% yes

Mixed reviews:
  "Encryption is the best way to safeguard sensitive info. We will continue to use it and perhaps use it to a greater extent."
  "Encrypted email is a security and operational problem. The more layers you add, the slower the [review]."

Take Away: Is It or Isn't It?

*According to those whose current gateway does not support the inspection of desktop-encrypted email, n=10
**According to those whose current

The Threat is Growing

Information security experts point to a concern today; a crisis tomorrow.

Info security managers: In the next five years, do you expect encryption to become a more or less significant security problem for Federal agencies?
[Chart response categories: More significant, Stay the same, Less significant]

Approximately one in four Feds see encryption as a problem today.

Take Away: A Stitch in Time Saves Nine Congressional Hearings

Remaining Challenges

Feds point to lack of budget and employee discipline as the top barriers to securing Federal email.

In your opinion, what are the biggest barriers to a secure Federal email system?*
  Lack of budget: 46%
  Lack of employees adhering to security policies: 45%
  Rise of mobile technologies: 30%
  Lack of training: 29%
  Lack of clear agency security policies: 22%
  Lack of control over email flow in/out of the agency: 21%
  Rise of bring your own device (BYOD): 20%

Take Away: Solutions Exist; Agencies Must Capitalize

*Respondents asked to select all that apply
